Skip to main content

A complete guide to securing Spring RESTful web services using HTTP Basic Authentication header

In the following tutorial, I have shown you how to develop RESTful web services using Spring Boot

Spring Data Rest web services for Beginners - Step By Step Guide

This is a simple and easy written tutorial for beginners who are interested to explore the trending and widely used J2EE framework.

In this tutorial, we will learn how to secure the Restful web services using the HTTP Basic Authentication header.

According to rfc7617, basic authentication is the method for HTTP user agent to provide the following two pieces of information in a request

  • User Name
  • Password
In this method, the HTTP request contains the header in the following format

Authorization: Basic <credentials> 

where <credentials> is base64(username:password)

Step 1

Add the following dependency to the maven

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
<dependency>

Step 2

We will extend the WebSecurityConfigurerAdapter class to implement the basic HTTP authentication. We will override the following two methods

  • configure( HttpSecurity http )

             This method enables the Basic HTTP authentication.

  • configure( AuthenticationManagerBuilder auth )

           This method implements the logic for authentication. For simplicity, I am just matching the user name and password with dummy strings. You can implement the JDBC based or other login logic here.

@Configuration
public class BasicAuthenticationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure( HttpSecurity http ) throws Exception {
        // TODO Auto-generated method stub
        http.csrf().disable().authorizeRequests().anyRequest()

          .authenticated().and().httpBasic();
    }

    @Override
    protected void configure( AuthenticationManagerBuilder auth ) throws Exception {
        // TODO Auto-generated method stub
        auth.inMemoryAuthentication()
        .withUser("test")
        .password("{noop}123")
        .roles("USER");
    }

   
}




We have now successfully implemented the code. Now let's test the code using Postman (the rest client)

The full source code for this tutorial can be found at SpringRestBasicAuthentication

We will get 401 Unauthorized if login credentials are not provided or wrong credentials are provided i.e.

Entering the correct credentials will authenticate the request and process it



Please leave your comments below.



Comments

Popular posts from this blog

Eclipse - Server Tomcat v8.5 Server at localhost failed to start.

When I try to launch the tomcat from Eclipse, I encountered the following error Server Tomcat v8.5 Server at localhost failed to start. Solution Step 1  Delete the .snap file located at the following location     eclipse workspace Path\ .metadata\.plugins\org.eclipse.core.resources Step 2 Delete the  tmp0  folder from the following path      eclipse workspace Path \.metadata\.plugins\org.eclipse.wst.server.core Step 3  Delete the server from servers list Step 4  Remove already added Tomcat Server      i)  Click on Define a new Server     ii)  Select Server Runtime Environments     iii) Select the Tomcat Server and remove it as follows Remove Selected Server Step 5 Make sure that correct version of Server is configured in Project Properties Step 6 Restart the Eclipse IDE.

hibernate-release-5.4.4.Final - Required Jars

Introduction Hibernate (Object Relational Mapping framework) is an implementation of Java Persistence API (JPA) specification.   Required Jars for Hibernate 5.4.4 Following Jars resided inside the required folder are the mandatory jars required for Hibernate 5.4.4 antlr-2.7.7.jar byte-buddy-1.9.11.jar classmate-1.3.4.jar dom4j-2.1.1.jar FastInfoset-1.2.15.jar hibernate-commons-annotations-5.1.0.Final.jar hibernate-core-5.4.4.Final.jar istack-commons-runtime-3.0.7.jar jandex-2.0.5.Final.jar javassist-3.24.0-GA.jar javax.activation-api-1.2.0.jar javax.persistence-api-2.2.jar jaxb-api-2.3.1.jar jaxb-runtime-2.3.1.jar jboss-logging-3.3.2.Final.jar jboss-transaction-api_1.2_spec-1.1.1.Final.jar stax-ex-1.8.jar txw2-2.3.1.jar Hibernate 5.4.4 release is compatible with  Java 8 or 11  JPA 2.2 References https://hibernate.org/orm/releases/5.4/

spark-submit java.lang.NoClassDefFoundError: scala/runtime/java8/JFunction1$mcII$sp

Exception  Exception in thread "main" java.lang.BootstrapMethodError: java.lang.NoClassDefFoundError: scala/runtime/java8/JFunction1$mcII$sp         at SparkPi$.main(SparkPi.scala:14)         at SparkPi.main(SparkPi.scala)         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) Problem: It seems that you have compiled and generated your jar file with an upper version of the Scala compiler than the one spark is using. Solution Step 1 Run the following command from spark-installed-directory\bin spark-shell.cmd (or.sh) and note the Scala version, My Spark version was 2.4.3 and Scala version 2.11.12 Step 2 Change the scala version into your build.sbt to 2.11.12 (per your configuration). My build.sbt is name := "SparkPi Project" version := "1.0" scalaVersion := "...